Impact

Sending emails using a specially crafted mail template may result in arbitrary OS command execution on the server - CVE-2016-7844

A denial-of-service (DoS) condition may be caused by processing a specially crafted request - CVE-2016-1181

An arbitrary file can be uploaded as a profile image file by a user, which may be used for unauthorized file sharing - CVE-2016-7845

Solution

Solution for CVE-2016-7844 and CVE-2016-1181 vulnerabilities: Update to the latest version and then apply a patch
Update to GigaCC OFFICE ver.2.3 and then apply an appropriate patch according to the information provided by the developer.

Solution for CVE-2016-7845 vulnerability: Update to the latest version and apply Patch 1, and then apply an update module
Update to GigaCC OFFICE ver.2.4 and apply Patch 1, and then apply an update module according to the information provided by the developer.

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership.